
The CCFP Snapshot offers an inside look at what it’s like to be a Certified Cyber Forensics Professional (CCFP). Offered by (ISC)2®, the global leader in information security certifications, CCFP is the only global cyber forensics credential that provides a comprehensive validation of a candidate’s knowledge and skills as a digital forensics expert.

Today’s digital forensics professionals need to understand far more than just hard drive and intrusion analysis. Whether a law enforcement officer supporting criminal investigations, a digital forensics specialist consulting clients, or an eDiscovery specialist working on litigation, CCFP demonstrates a professional’s ability to gather, analyze, and deliver digital evidence that is accurate, complete, and reliable.

Recently, we released a new free tool that allows investigators to acquire the memory of a live PC. Customers using our IEF Triage module will already be familiar with this tool, as it’s used to acquire evidence from live systems. In realizing that others could benefit from our RAM capture tool, we decided to release it free to the forensics community.

Memory analysis can reveal a lot of important information about a system and its users. There are often instances where evidence stored in memory is never written to the hard drive, and may only be found in the pagefile.sys or hiberfil.sys. Memory analysis is essential to many malware and intrusion incidents and can be imperative in recovering valuable evidence for almost any PC investigation...

I am a digital forensics examiner who early in my career studied computer science and wrote code as a software developer and later in my career studied law and became a licensed attorney. I have acquired certifications in both mobile device forensics and computer forensics and own a private digital forensics firm in Minnesota. We love mobile! Half our case load is recovering dozens of flavors of deleted messages from every variety of phone known to humanity. But we also devise evidence strategy for complex civil litigation and draft preservation letters and requests for production and advise on e-discovery issues, which now increasingly turn on mobile evidence.

I obtained Magnet Forensics’ Internet Evidence Finder (IEF) in early January 2013 upon strong recommendations from friends in the industry. As a mobile examiner I procured it for examining microSD cards removed from the phone and placed behind a write blocker for live and deleted multimedia evidence including photo, video, audio, and anything else that might be there...

How many passwords does an average Joe or Jane have to remember? Obviously, it’s not just one or two. Security requirements vary among online services, accounts and applications, allowing (or disallowing) certain passwords. Seven years ago, Microsoft determined in a study that an average user had 6.5 Web passwords, each of which is shared across about four different websites. They’ve also determined that, back then, each user had about 25 accounts that required passwords, and typed an average of 8 passwords per day.

It didn’t change much in 2012. Another study determined that an average person has 26 online accounts, but uses only five passwords to keep them secure, typing about 10 passwords per day. CSID has a decent report (opens as PDF) on password usage among American consumers, discovering that as many as 54% of consumers have five passwords or fewer, while another 28% reported using 6 to 10 passwords...

This article does not attempt to provide a beginner's guide to Bitcoin, nor an in-depth thesis on Bitcoin forensics. Rather, it will be an overview of the potential opportunities available to digital forensics and traditional investigators to obtain evidence in relation to attributing transactions or holdings to a specific person and (legally) seizing those funds.

I will discuss academic work that has been undertaken in this area, what precautions a security-aware user may take and the issues introduced by them doing so. I will also discuss an open-source Python tool called BTCscan, which has been created to accompany this article and will carve out bitcoin addresses, private keys and other Bitcoin artifacts.

This article may be of interest to persons conducting investigations for criminal, civil, personal or business reasons. Some elements may be of limited relevance to agencies without powers of seizure and/or subpoena...

Speaking on the ‘Fighting Shadows’ panel at the Davos convention in Switzerland on Saturday, Toomas Hendrik Ilves joined senior figures from Kaspersky, Microsoft and the United Nations in calling for improved cyber-crime policing, laws and collaboration – whilst also calling into question how – and if – countries can respond to cyber-attacks.

Estonian websites were famously hit by distributed-denial-of-service (DDoS) attacks in 2007, which at the time were rumoured to be the work of the Russian government. Subsequently, the country became one of the world's most advanced countries on cyber-security, even establishing the NATO Cooperative Cyber Defence of Excellence in Tallinn in August 2010. Ilves – who said that the country also helped with similar DDoS attacks against Georgian websites a year later – admitted that DDoS and nation-state attacks are very different things, but said that defending against cyber-criminals is almost impossible considering outdated laws...

Sanderson Forensics was recently contacted by a customer at a police force with a question relating to deleted SQLite records that were found in a rollback journal. The requirement was to create a report(s) showing both the live records in the Kik database as well as the deleted records that were found by a filename search in the rollback journal.

The article at the link below goes into a little detail of how the rollback journal works, some thoughts on recovering data from it and then details how the data was recovered from the rollback journal and then how we distinguished and created a report showing the deleted records in the journal vs the live records that were also present in the journal...

This will include all new customers up until the time Secure View 4 is launched. The current price for Secure View 3 stands at $2495. Although no current price for Secure View 4 has been listed, it is expected to start at $2995. This means that a new customer can still purchase Secure View at the current cost and get a free upgrade when Secure View 4 launches in late February 2015.

Secure View 4 will include industry-first ACCE (Advanced Cross Case Examination) analytics, allowing users to probe old cases with new data. SV4 will also include new deleted data features, an all-new interface and a redesigned analytics engine. For a trial version of Secure View 3, contact: jkirby@susteen.com

(ISC)2® offers the Certified Cyber Forensics Professional (CCFP), the only global cyber forensics credential that provides a comprehensive validation of a candidate’s knowledge and skills as a digital forensics expert. Free CCFP Webcasts are now available that provide insight into what candidates need to know before taking this exam. It includes a detailed overview of each domain, the value of certification, and how to study for the exam.

First introduced in 2013, CCFP provides the industry’s first global standard for assessing experienced digital forensics professionals’ mastery and professionalism. The credential provides digital forensics employers and the legal community with validation that a digital forensics professional can lead digital investigations that assure complete, accurate, and reliable results.